ksmbd: block asynchronous requests when making a delay on session setup

namjaejeon · smfrench · commit b096d97f4732 · 2023-05-03T23:03:01.000-05:00
ksmbd make a delay of 5 seconds on session setup to avoid dictionary
attacks. But the 5 seconds delay can be bypassed by using asynchronous
requests. This patch block all requests on current connection when
making a delay on sesstion setup failure.

Cc: stable@vger.kernel.org
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-20482
Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
@@ -1840,8 +1840,11 @@ int smb2_sess_setup(struct ksmbd_work *work)
 
 			sess->last_active = jiffies;
 			sess->state = SMB2_SESSION_EXPIRED;
-			if (try_delay)
+			if (try_delay) {
+				ksmbd_conn_set_need_reconnect(conn);
 				ssleep(5);
+				ksmbd_conn_set_need_negotiate(conn);
+			}
 		}
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -1840,8 +1840,11 @@ int smb2_sess_setup(struct ksmbd_work *work)`
`1840`	`1840`
`1841`	`1841`	`sess->last_active = jiffies;`
`1842`	`1842`	`sess->state = SMB2_SESSION_EXPIRED;`
`1843`		`- if (try_delay)`
	`1843`	`+ if (try_delay) {`
	`1844`	`+ ksmbd_conn_set_need_reconnect(conn);`
`1844`	`1845`	`ssleep(5);`
	`1846`	`+ ksmbd_conn_set_need_negotiate(conn);`
	`1847`	`+ }`
`1845`	`1848`	`}`
`1846`	`1849`	`}`
`1847`	`1850`